Phoning Iran, Cyber Obscura

Before you read this: what is documented and what is reconstructed

This article distinguishes documented elements from reconstructed elements. The distinction matters, and is held throughout. Read the note first; the rest of the case file leans on it.

Documented: the phenomenon itself, the scripts that callers heard, the dates, the contemporaneous news coverage in the Associated Press and elsewhere, the broad fact of the January 2026 internet shutdown, and the long-running supply relationships between the Iranian state and Chinese telecommunications vendors.

Reconstructed, with one important attribution caveat: the specific protocol-level mechanism by which the redirection and synthetic substitution were implemented, and the question of who was implementing it. The most obvious reading places the Alyssia gateway inside the Iranian telecommunications core, run by or on behalf of the Iranian state. A parallel reading, circulating in diaspora discussion and plausible on the public evidence, places the gateway outside the Iranian network entirely: a "Mossad in the Middle" operation, an artificial intelligence inserted into the international call path by Israeli signals intelligence to harvest diaspora metadata during the conflict and the blackout. Either reading is consistent with what callers experienced. The technical breakdown that follows describes the mechanism without committing to a single attribution, and flags the points where the choice of attribution would change the picture.

The reconstruction draws on published research about Signalling System No. 7, the Session Initiation Protocol, 5G Radio Resource Control, and Deep Packet Inspection, and on what is independently known about Iran's national core and the broader regional signals intelligence landscape. It is consistent with the observed behaviour. It is not a forensic finding. Where future research provides better-evidenced detail, the technical breakdown will be revised.

Story opening

The voice introduced itself politely. I'm Alyssia, it said, in stilted English with the cadence of a customer service script run through a translator. Do you remember me? I think I don't know who are you.

She asked who the caller was trying to reach. She apologised, in broken phrasing, for not being able to hear them. If the caller persisted, the script changed. The voice asked the caller to close their eyes and picture a place that brought them peace and happiness, perhaps a serene forest, or the seashore. Other callers, in other moments, heard only the sounds of wind, of music, of a young woman repeating Alo? Alo? and waiting for them to answer.

The callers were diaspora Iranians in Los Angeles and London and Sydney, trying to reach mothers in Tehran, uncles in Esfahan, friends in Mashhad. Some were calling because the news from inside Iran was bad. Some were calling because they had heard there was no news at all. Most reported a call failure rate that hovered around ninety per cent. Of the calls that did connect, none of the voices belonged to anyone they knew. The voices belonged to the same handful of female personae, repeating themselves, asking the same questions, suggesting the same coastlines.

A woman called Alyssia became the most-named of these voices on Reddit, on the Persian diaspora forums, and eventually in the Associated Press. She was not a person. She was a synthetic gateway, an artificial intelligence sitting between the international telephone network and the country it was supposed to be connecting to. Diaspora callers and analysts have offered two competing readings of who was running her: an Iranian state operation, run by or on behalf of the Telecommunications Infrastructure Company; or what some have called a "Mossad in the Middle" operation, an Israeli signals-intelligence intercept inserted into the call path from outside Iran. The note above this story sets out why both readings remain in play.

Case file

The phenomenon has now been reported in two waves.

The first wave coincided with the twelve-day exchange between Israel, the United States, and Iran in June 2025. Diaspora callers attempting to reach contacts inside Iran began posting transcripts to the r/NewIran subreddit and to Persian-language Telegram channels. The transcripts were specific enough to be cross-referenced. Multiple callers, on different continents, encountering the same scripts and the same names. A moderator on r/NewIran posted a community advisory titled Phone Calls to Iran Severely Compromised. The Associated Press, the Times of India, and the Indian Express each carried the story within ten days of the first reports. The accounts were consistent. A robotic female voice. Broken English or Farsi or both. Open-ended questions designed to draw out the caller's identity. Pseudo-therapeutic meditation scripts where the questions failed.

The second wave began on 8 January 2026, when Iran initiated what researchers have since called the most comprehensive national internet shutdown ever observed. Almost all of the country's IPv6 routes disappeared from the global table within a few hours. IPv4 traffic collapsed shortly after. Voice calls into Iran, which depend on a different layer of infrastructure than the public internet, did not collapse. They were redirected. Callers reported the same Alyssia voice, the same coastline meditation, the same insistent and impossible questions. The phenomenon was no longer episodic. It was the default response of the Iranian telecommunications gateway to any inbound international voice call for the duration of the blackout.

What the public record contains, on solid evidentiary footing, is the body of caller transcripts, the dated reports, the news coverage, and the broad fact that the redirection occurred. What it does not yet contain, on the same footing, is a complete forensic reconstruction of how the redirection was implemented inside or from outside the Iranian network. The technical breakdown that follows is a reconstruction. Several of its claims are well supported by published research on the underlying protocols and on Iran's vendor relationships; some are supported by indirect evidence; some are inferences from the observed behaviour of the system. Where the evidentiary basis is thinner, the writing reflects that.

Technical breakdown

A phone call from Sydney to Tehran is, in the modern era, a stack of protocols handing the call from one operator to another. Each handoff is governed by an assumption, almost always implicit, that the operators on either side of the handoff are legitimate carriers asking legitimate questions. The Alyssia gateway exploited a property the international voice network has had since its earliest days: at every handoff, the protocols would rather route the call somewhere than admit that no route exists.

The oldest of those layers is Signalling System No. 7 (SS7), the family of telecommunications protocols that has carried the control plane of global telephony since 1980. SS7 was designed for a closed club of national carriers. It does not authenticate the asker of a question. The Mobile Application Part (MAP) of SS7 includes a message called InsertSubscriberData, intended to allow a home network to update a subscriber's profile when they roam. Issued from a privileged position inside the home network, the same message can rewrite a subscriber's profile to forward all incoming calls unconditionally to a destination of the operator's choosing. There is nothing irregular about a state-owned operator, with full access to its own home network, doing this. There is nothing the international caller can do to detect it. The phone in Sydney rings. A spoofed Address Complete Message tells the originating switch that the destination is alerting. The call is connected. The destination it is connected to is not the destination the caller intended.

The newer layer is the Session Initiation Protocol (SIP), used to manage Voice over Internet Protocol (VoIP) and 5G voice sessions. SIP runs at the application layer; the actual audio is carried by the Real-time Transport Protocol (RTP). At every international border, voice traffic crosses through a Session Border Controller (SBC), the hardened proxy that bridges one operator's SIP environment to another's. Session Border Controllers are configured with fallback rules: if the primary destination is unreachable, route to a secondary; if the secondary is unreachable, return an error. In the Iranian case, the secondary was not an error. The secondary was a media server hosting the synthetic personae, potentially operated by the Iranian state through the Telecommunications Infrastructure Company (TIC), or plausibly operated by an external signals-intelligence party with access at the international gateway level. By degrading internal routing to most domestic numbers during the blackout, the Iranian core ensured that almost every inbound international call would trip the fallback rule; the location of the rule's destination is the part that remains unresolved on the public record. The SIP handshake completed cleanly. The audio stream was redirected to the persona server. The caller heard a voice. The intended recipient never knew the call had been attempted.

So what does 5G have to do with Alyssia?

5G is often discussed as if it were straightforwardly more secure than the older networks underneath it. In one sense it is. The cryptography is stronger, and the authentication is more carefully specified than anything in Signalling System No. 7. In another sense it is not, and the difference matters here.

Before a 5G phone can speak securely to the network it is connecting to, the phone and the network have to exchange a short opening conversation about who they are, which network is serving them, and what kind of session they are setting up. That opening conversation happens before the cryptographic protections are fully switched on. There is, in other words, a small window at the start of every 5G connection in which the messages flying between the phone and the network are not yet authenticated and not yet encrypted. Anyone who can get a message into that window has a chance to nudge the phone somewhere it would not otherwise have gone.

Three pieces of recent research have walked carefully into that window, and together they describe the conditions under which an Alyssia-style redirection becomes technically possible on a modern handset.

The first, Semantics Over Syntax: Uncovering Pre-Authentication 5G Baseband Vulnerabilities, uses a method its authors call Constraint-Guided Semantic Testing to demonstrate that the software running on 5G phones can be driven into unexpected states by carefully crafted setup messages that the 5G standard still considers valid. The phone accepts the message; the consequences are not the consequences the standard was designed to produce. The second, Privacy-Preserving and Standard-Compatible AKA Protocol for 5G from USENIX Security, formally analyses the 5G Authentication and Key Agreement protocol and identifies tracking and linkability weaknesses that exist even when the protocol is implemented exactly as written. The third, the Multidisciplinary Digital Publishing Institute (MDPI) survey Investigating Security Vulnerabilities in 5G Control and User Planes: Attack Patterns and Protection Strategies, maps these and related findings against the architecture of 5G as it is actually deployed, drawing the picture together for defenders.

Read together, the three sources describe a pre-authentication window that is narrow but real, and the kinds of message a privileged adversary can push into it. The practical consequence for Alyssia is straightforward. A party with the right position in the network can, during that brief unprotected opening, tell a 5G phone that the network function it should register with is somewhere other than the legitimate one. By the time the phone realises something is off, the redirection has already happened. The encryption that would have protected the rest of the session is being built against the wrong counterparty. The Alyssia gateway sat behind exactly such a redirection. Modern handsets, which would otherwise establish encrypted sessions, were routed to a state-controlled or signals-intelligence-controlled mobility function before the encryption could engage.

What made the synthetic voice possible at the audio layer, rather than just the routing layer, was Deep Packet Inspection (DPI). Iran's national core has been built over two decades on hardware and software supplied principally by ZTE Corporation and Huawei Technologies. The ZXMT integrated monitoring system, supplied to the Telecommunication Company of Iran (TCI) under a contract first reported by Reuters in 2012, performs real-time inspection of voice, short message, and internet traffic. Because much of Iran's domestic voice traffic remains unencrypted at the transport layer, a DPI-equipped node sitting on the international gateway can identify the RTP packets associated with a given session and substitute their payload with pre-rendered synthetic audio chunks before forwarding the stream onward. The caller hears continuous voice. The voice is not the voice on the other end of the call. There is no other end of the call.

The personae themselves were not artificially intelligent in any meaningful sense. They were small finite-state machines wrapped around a synthesised voice. The first state was a feigned bad connection: Alo? Alo? repeated, the line apparently unstable, the caller given a chance to identify themselves before the system committed to anything. The second state, if the caller persisted, was identity solicitation: Who you want to speak with? I'm Alyssia. Do you remember me? The third state, if the caller pushed back or expressed distress, was a switch to the meditation script, calm and unhurried, urging the caller to imagine a forest or a seashore. The fourth state was termination, after enough audio had been captured for analysis or after the caller's international minutes ran out. The interaction was not designed to fool the caller for long. It was designed to keep the caller on the line just long enough for the things underneath the conversation to do their work.

Underneath the conversation, the network was harvesting. Each call yielded a voiceprint, extractable through standard speech-processing techniques such as Mel Frequency Cepstral Coefficients (MFCC), against which databases of known activists, journalists, and diaspora figures could be matched. Each call yielded provenance metadata: the originating carrier, the SIP trunk used, the codec profile, the timing fingerprint. Where the diaspora had been routing calls through specific transit operators in an effort to reach loved ones reliably, the harvest mapped those routes and made them available to be blocked. Where a caller named the person they were trying to reach, the name was logged against the originating number. The Alyssia gateway was, among other things, an audio-rate intake form for the Ministry of Intelligence (MOIS).

For defenders, the structural lesson is that no encryption applied at the application layer would have changed the outcome. The application layer was never reached. The redirection, the fallback, and the audio substitution all happened at signalling and transport layers below any session the caller's device could secure. The places to look for a defence of this kind are upstream: signalling firewall standards published by the GSM Association (GSMA) such as the IR.82 family for SS7 and Diameter, end-to-end authentication of voice sessions across operator boundaries, and operator-side disclosure of fallback policies for international voice traffic. Each of these is a difficult ask. None of them is impossible. The blackout demonstrated, at national scale, what happens when none of them is in place.

Core lesson

There is a way of reading the Alyssia phenomenon as cyberpsychology, as a story about the uncanny valley and what it does to people in distress. That reading is not wrong. It is incomplete. The synthetic voice is the visible part. The visible part is the smallest part of the operation.

The deeper structure is that an international phone call to a contested region is not, and has never been, a private channel between two people. It is a sequence of handoffs between carriers, governed by protocols that prefer connection to authenticity. The protocols were standardised in eras when the parties on either end of any handoff were a small set of national operators trusted by virtue of being national operators. That trust assumption was reasonable in 1980. It is no longer reasonable, and the cost of the unreasonableness is not borne by the operators that built the assumption into the standards. It is borne by the woman in London who wants to know whether her mother in Tehran is alive.

What the Alyssia gateway shows, with unusual clarity, is that the synthetic media revolution did not arrive in the telecommunications layer as a novelty. It arrived as a fit. Generative voice, dropped into a protocol family that already preferred some answer to no answer, gave the protocol family a new way to keep its preference. The fallback rule was designed to maintain the illusion of service when service was not available. Filling that fallback with a fluent synthetic voice was a small step. The step is no smaller for being small. Once the fallback can speak, the silence of a national blackout becomes a population-scale interview, conducted by a system that does not need to understand what is being said in order to extract value from saying it.

At the start of the case, the phone is the diaspora's last connection to home. By the end, it is the state's audio sampler. The technology did not fail. It performed exactly as the protocol family was designed to perform, in conditions the protocol family did not contemplate, on behalf of an asker the protocol family does not know how to refuse.

Glossary

The terms below cover the protocols and components named in the technical breakdown. Each is explained in plain English; the precise behaviour is in the breakdown above.

Signalling System No. 7 (SS7): A family of telecommunications protocols, standardised by the International Telecommunication Union in 1980, used by phone networks to route calls, deliver text messages, and exchange roaming and subscriber information. SS7 underlies most of the mobile signalling visible to ordinary users on 2G and 3G networks, and remains in interconnect use even where 4G and 5G are deployed.
Mobile Application Part (MAP): The application layer of SS7, where the protocols specific to mobile services live. MAP includes the messages used to move subscriber data between networks during roaming, including the InsertSubscriberData message used to update a subscriber's service profile.
Session Initiation Protocol (SIP): The application-layer protocol used to set up, manage, and terminate Voice over Internet Protocol (VoIP) and 5G voice sessions. SIP carries the signalling for a call; the audio itself is carried in a separate stream by the Real-time Transport Protocol (RTP).
Session Border Controller (SBC): The hardened network element that sits at the edge of a carrier's SIP network, brokering voice traffic between that network and other carriers. Session Border Controllers enforce routing, security, and policy rules, including fallback rules for unreachable destinations.
Gateway fallback: A routing rule that tells a network element where to send traffic when the primary destination cannot be reached. Fallback is intended to maintain service in the face of network failure; it is also a configurable surface that can be pointed somewhere other than its intended destination.
Deep Packet Inspection (DPI): A class of network analysis that examines the payload of packets in real time, not just their headers. Deep Packet Inspection is used legitimately for traffic management, security monitoring, and quality of service; it is also the technical basis on which a state can identify and substitute the audio carried by an unencrypted voice session.
5G New Radio and Radio Resource Control (RRC): 5G New Radio is the radio access technology of 5G mobile networks. The Radio Resource Control protocol governs the messages exchanged between a device and the network during connection setup. Some Radio Resource Control messages are exchanged before the cryptographic security context is fully established, which creates a pre-authentication window that has been the subject of formal verification research.
Access and Mobility Management Function (AMF): The 5G core network function responsible for connection and mobility management. The Access and Mobility Management Function is one of the components a state actor with privileged access can use to redirect voice sessions before encryption is applied.
National Information Network (NIN): Iran's parallel domestic internet, designed to function independently of the global internet. The National Information Network is the structural condition that makes a total external blackout possible without disrupting internal state communications.
Voice fingerprinting: The use of speech-processing techniques, including the extraction of Mel Frequency Cepstral Coefficients (MFCC), to construct a numerical representation of a voice that can be matched against a database. Voice fingerprinting does not require the speaker to identify themselves.
Telecommunications Infrastructure Company (TIC): The state-owned operator of Iran's national telecommunications backbone, responsible for international gateways and the routing of inbound and outbound traffic.

Suggested viewing

Farrell McGuire, Horrors on Iran's Internet. A walkthrough of the Iranian internet shutdown architecture and the phone-call phenomenon, accessible to viewers without a telecommunications background. Useful as a companion to the technical breakdown above.

Source: Farrell McGuire on YouTube. Embedded via the privacy-enhanced youtube-nocookie domain.

Return to the case

The diaspora callers who first reported Alyssia were, in the strict sense, talking to no one. The line had been completed. The caller's audio had been captured. The recipient had not been notified. The voice on the other end was a small program performing a state machine that the network had been configured to run.

What the call still was, in the diaspora's experience, was a call to home. The voice was wrong. The questions were wrong. The geography was wrong. The act of dialling was the same act of dialling that had connected them to the same landline two months earlier. The protocol had not changed. The fallback had not changed. The only thing that had changed was who, on the receiving side, was making use of the silence.